From: Chris B. <buc...@us...> - 2011-06-07 21:31:26
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "SFCB - Small Footprint CIM Broker". The branch, master has been updated via 65450ac5a8757e028cd5fd40d487aa246f598346 (commit) via a0896e08d930ad1b82ab8701402940346d7ef66e (commit) via 95a0393a17b40ec541f62c3c191769f3e82642ca (commit) via 709d963a5fd550486018759a8f7d375c22ad24e0 (commit) via 0bb2280635f1dbde8f8dde4d752dcb569d59aa11 (commit) via 70a642ebf8625ee1d2488c1d3e450ca1a252d7b8 (commit) via 82ef47f2144b6706e9eaffc03fc5e8c6e00107ba (commit) via 4de382767737c19c38f9f7805c7f2d3e9173ca80 (commit) via 2bee255dc5004ccd7ec8cc0b85ee4fedf0874525 (commit) via 9e3a08f88b30bf9fa4bafe3c9d01bd7e08c66a6e (commit) via 913392e6aca86dc1c1bcad08767840fe0a00a2b1 (commit) via a46aebdb2d77e1737ee8897b9145265dc6e981f7 (commit) via 640f180323478e2179c37855c6ef9ae0641e043a (commit) via bef9b8ddd6b84510dc126cad043ca99e77efe899 (commit) via 1327bc1ce2b3038ac35d2adbb302561b1f08dd5a (commit) from 58736a44fd57900550f127fdb70c96286f3defcd (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 65450ac5a8757e028cd5fd40d487aa246f598346 Author: buccella <buc...@li...> Date: Tue Jun 7 17:31:21 2011 -0400 undid temp chagnes commit a0896e08d930ad1b82ab8701402940346d7ef66e Author: buccella <buc...@li...> Date: Tue Jun 7 16:54:31 2011 -0400 adding-in changes from updated patch. 
Namespace and class name of CIM_Account provider can now be specified as provider params commit 95a0393a17b40ec541f62c3c191769f3e82642ca Merge: 709d963a5fd550486018759a8f7d375c22ad24e0 58736a44fd57900550f127fdb70c96286f3defcd Author: buccella <buc...@li...> Date: Mon Jun 6 16:27:54 2011 -0400 Merge branch 'master' of ssh://sblim.git.sourceforge.net/gitroot/sblim/sfcb into IMM_expired_password Conflicts: ChangeLog configure.ac httpAdapter.c commit 709d963a5fd550486018759a8f7d375c22ad24e0 Author: buccella <buc...@li...> Date: Wed Apr 27 15:35:32 2011 -0400 change based on code review commit 0bb2280635f1dbde8f8dde4d752dcb569d59aa11 Author: buccella <buc...@li...> Date: Wed Apr 27 12:09:22 2011 -0400 dynamically add SFCB_Account entry to default.reg commit 70a642ebf8625ee1d2488c1d3e450ca1a252d7b8 Author: buccella <buc...@li...> Date: Tue Apr 26 18:34:30 2011 -0400 have ALLOW_UPDATE_EXPIRED_PW come from configure; get rid of hard define commit 82ef47f2144b6706e9eaffc03fc5e8c6e00107ba Author: buccella <buc...@li...> Date: Tue Apr 26 17:35:26 2011 -0400 updated CIM_Error XML again; added DESCRIPTION to ERROR commit 4de382767737c19c38f9f7805c7f2d3e9173ca80 Author: buccella <buc...@li...> Date: Mon Apr 25 17:54:37 2011 -0400 some simplification; encapsulated CIM_Error instance in ERROR tag commit 2bee255dc5004ccd7ec8cc0b85ee4fedf0874525 Author: buccella <buc...@li...> Date: Mon Apr 25 17:06:50 2011 -0400 clear hcr flags when necessary; remove printfs commit 9e3a08f88b30bf9fa4bafe3c9d01bd7e08c66a6e Author: buccella <buc...@li...> Date: Mon Apr 25 17:05:00 2011 -0400 added configure option enable-expired-pw-update commit 913392e6aca86dc1c1bcad08767840fe0a00a2b1 Author: buccella <buc...@li...> Date: Thu Apr 21 17:30:38 2011 -0400 added CIM_Error response commit a46aebdb2d77e1737ee8897b9145265dc6e981f7 Author: buccella <buc...@li...> Date: Thu Apr 21 14:58:28 2011 -0400 now pulls UserPassword from args commit 640f180323478e2179c37855c6ef9ae0641e043a Author: buccella 
<buc...@li...> Date: Tue Apr 19 14:28:48 2011 -0400 mostly working commit bef9b8ddd6b84510dc126cad043ca99e77efe899 Author: buccella <buc...@li...> Date: Tue Apr 19 14:28:38 2011 -0400 mostly working commit 1327bc1ce2b3038ac35d2adbb302561b1f08dd5a Author: buccella <buc...@li...> Date: Tue Apr 5 15:24:33 2011 -0400 [ 3203290 ] Basic Auth Should Consider Expired Passwords (missing line from the previous commit) ----------------------------------------------------------------------- Summary of changes: diff --git a/Makefile.am b/Makefile.am index 7326377..2f3dd61 100644 --- a/Makefile.am +++ b/Makefile.am @@ -113,6 +113,12 @@ else PAM_LIBS = endif +if ACCOUNT_PASSTHRU + ACCOUNT_PASSTHRU_LIBS = libsfccimAccountPassthroughProvider.la +else + ACCOUNT_PASSTHRU_LIBS = +endif + sfcb_sharedobjects = \ $(sfcblibdir)/*.so @@ -137,7 +143,8 @@ sfcblib_LTLIBRARIES = \ $(QUALREP_LIBS) \ $(INDICATION_LIBS) \ $(PAM_LIBS) \ - $(SLP_HOSTNAME_LIBS) + $(SLP_HOSTNAME_LIBS) \ + $(ACCOUNT_PASSTHRU_LIBS) if TEST_ENABLED sfcblib_LTLIBRARIES += \ @@ -287,6 +294,12 @@ libsfcElementCapabilitiesProvider_la_SOURCES = \ libsfcElementCapabilitiesProvider_la_LIBADD=-lsfcBrokerCore libsfcElementCapabilitiesProvider_la_DEPENDENCIES=libsfcBrokerCore.la +if ACCOUNT_PASSTHRU +libsfccimAccountPassthroughProvider_la_SOURCES = cimAccountPassthroughProvider.c +libsfccimAccountPassthroughProvider_la_LIBADD=-lsfcBrokerCore +libsfccimAccountPassthroughProvider_la_DEPENDENCIES=libsfcBrokerCore.la +endif + libsfcClassProviderGz_la_SOURCES = \ classProviderGz.c libsfcClassProviderGz_la_LIBADD=-lsfcBrokerCore @SFCB_LIBZ@ 
@@ -417,7 +430,13 @@ EXTRA_DIST=sfcb.cfg.pre.in sfcb.spec sfcbrepos.sh.in sfcbstage.sh.in \ dist_sfcbdata_SCRIPTS=genSslCert.sh getSchema.sh test/stageschema.sh -dist_sfcbdata_DATA=default.reg 10_interop.mof 20_indication.mof indication.mof +if ACCOUNT_PASSTHRU +ACCOUNT_PASSTHRU_MOF = cimAccountPassthrough.mof +else +ACCOUNT_PASSTHRU_MOF = +endif + +dist_sfcbdata_DATA=default.reg 10_interop.mof 20_indication.mof indication.mof $(ACCOUNT_PASSTHRU_MOF) nodist_bin_SCRIPTS=sfcbrepos sfcbstage sfcbunstage sfcbuuid @@ -505,6 +524,9 @@ if INDICATIONS $(INSTALL_DATA) $(srcdir)/20_indication.mof $(DESTDIR)$(sfcbstatedir)/stage/mofs/root/interop $(INSTALL_DATA) $(srcdir)/indication.mof $(DESTDIR)$(sfcbstatedir)/stage/mofs endif +if ACCOUNT_PASSTHRU + $(INSTALL_DATA) $(srcdir)/cimAccountPassthrough.mof $(DESTDIR)$(sfcbstatedir)/stage/mofs/root/interop +endif if DOCS test -d $(DESTDIR)$(sfcbdocdir)/html || $(mkdir_p) $(DESTDIR)$(sfcbdocdir)/html $(INSTALL) -m 644 $(srcdir)/doc/html/* $(DESTDIR)$(sfcbdocdir)/html diff --git a/cimAccountPassthrough.mof b/cimAccountPassthrough.mof new file mode 100644 index 0000000..8fe3e34 --- /dev/null +++ b/cimAccountPassthrough.mof @@ -0,0 +1,13 @@ +[Description ("SFCB_Account is a dummy class used for the sole purpose of " + "allowing an InvokeMethod request from an expired user to " + "pass through to the CIM_Account provider in order to update " + "the expired password." +)] +class SFCB_Account +{ + [Description ("Provide the new password to be used in the " + "ModifyInstance operation on CIM_Account. " + )] + uint8 UpdateExpiredPassword( [IN] string UserPassword, [OUT] string Message); +}; + diff --git a/cimAccountPassthroughProvider.c b/cimAccountPassthroughProvider.c new file mode 100644 index 0000000..b41f803 --- /dev/null +++ b/cimAccountPassthroughProvider.c 
@@ -0,0 +1,174 @@ + +/* + * cimAccountPassthroughProvider.c + * + * (C) Copyright IBM Corp. 2011 + * + * THIS FILE IS PROVIDED UNDER THE TERMS OF THE ECLIPSE PUBLIC LICENSE + * ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION OF THIS FILE + * CONSTITUTES RECIPIENTS ACCEPTANCE OF THE AGREEMENT. + * + * You can obtain a current copy of the Eclipse Public License from + * http://www.opensource.org/licenses/eclipse-1.0.php + * + * Author: Chris Buccella <buc...@li...> + * + * Description: + * + * This provider's only function is to handle an InvokeMethod request + * for UpdateExpiredPassword and pass it on to the CIM_Account provider + * + */ + +#include "cmpi/cmpidt.h" +#include "cmpi/cmpift.h" +#include "cmpi/cmpimacs.h" + +#include <stdlib.h> +#include <string.h> +#include "trace.h" +#include "native.h" + +/* + * ------------------------------------------------------------------------- + */ + +static const CMPIBroker *_broker; + +void +setStatus(CMPIStatus *st, CMPIrc rc, char *msg) +{ + st->rc = rc; + if (rc != 0 && msg) + st->msg = sfcb_native_new_CMPIString(msg, NULL, 0); + else + st->msg = NULL; +} + + +CMPIStatus +CimAccountPassthroughProviderMethodCleanup(CMPIMethodMI * mi, + const CMPIContext *ctx, CMPIBoolean terminate) +{ + CMPIStatus st = { CMPI_RC_OK, NULL }; + _SFCB_ENTER(TRACE_PROVIDERS, "CimAccountPassthroughProviderMethodCleanup"); + _SFCB_RETURN(st); +} + +CMPIStatus +CimAccountPassthroughProviderInvokeMethod(CMPIMethodMI * mi, + const CMPIContext *ctx, + const CMPIResult *rslt, + const CMPIObjectPath * ref, + const char *methodName, + const CMPIArgs * in, CMPIArgs * out) +{ + CMPIStatus st = { CMPI_RC_OK, NULL }; + + _SFCB_ENTER(TRACE_PROVIDERS, "CimAccountPassthroughProviderInvokeMethod"); + + _SFCB_TRACE(1, ("--- Method: %s", methodName)); + + CMPIData arg = CMGetArg(in, "UserPassword", &st); + if (st.rc != CMPI_RC_OK) { + setStatus(&st, CMPI_RC_ERR_NOT_FOUND, + "Required argument UserPassword missing"); + _SFCB_RETURN(st); + } + const char* 
newPW = CMGetCharPtr(arg.value.string); + + if (strcasecmp(methodName, "UpdateExpiredPassword") == 0) { + + /* check to see if parameters were specified in providerRegister */ + CMPIStatus parm_st = { CMPI_RC_OK, NULL }; + CMPIData parmdata = CMGetContextEntry(ctx, "sfcbProviderParameters", &parm_st); + char* acct_cn = "CIM_Account"; + char* acct_ns = "root/cimv2"; + + if (parm_st.rc == CMPI_RC_OK ) { + const char* parms = CMGetCharPtr(parmdata.value.string); + + /* there is only one param, so just take whatever is after the '=' */ + char* val = strchr(parms,'='); + if (val) { + char* colon = strchr(val,':'); + if (colon) { + acct_cn = colon+1; + colon[0] = '\0'; + acct_ns = val+1; + } + } + } + + CMPIObjectPath *caOp = CMNewObjectPath(_broker, acct_ns, acct_cn, &st); + + /* if a simple strcmp works, don't bother with the isa */ + if (strcasecmp(acct_cn, "cim_account")) { + if (!CMClassPathIsA(_broker, caOp, "cim_account", &st)) { + setStatus(&st, CMPI_RC_ERR_NOT_FOUND, + "Class specified for password update not a CIM_Account"); + _SFCB_RETURN(st); + } + } + + CMPIData principal = CMGetContextEntry(ctx, "CMPIPrincipal", &st); + char* httpUser = CMGetCharPtr(principal.value.string); + + /* Important! 
We assume the Name key = the expired HTTP user */ + CMPIData item, nameKey; + CMPIString* nameKeyStr; + CMPIEnumeration *enm = CBEnumInstanceNames(_broker, ctx, caOp, &st); + CMPIInstance *caInst = NULL; + + while (enm && CMHasNext(enm, &st)) { + item = CMGetNext(enm, &st); + caOp = item.value.ref; + nameKey = CMGetKey(caOp, "Name", &st); + if (st.rc == CMPI_RC_OK) { + nameKeyStr = nameKey.value.string; + if (strcmp(CMGetCharsPtr(nameKeyStr, &st), httpUser) == 0) { + caInst = CBGetInstance(_broker, ctx, caOp, NULL, &st); + break; + } + } + } + if (caInst) { /* ok to send ModifyInstance request to CIM_Account prov */ + + CMPIString* npwv; + npwv = CMNewString(_broker, newPW, NULL); + + CMPIArray *pwArray = CMNewArray(_broker, 1, CMPI_string, &st); + + st = CMSetArrayElementAt(pwArray, 0, (CMPIValue*)&(npwv), CMPI_string); + + CMPIData d = CMGetArrayElementAt(pwArray, 0, NULL); + CMPIString* s = d.value.string; + + CMSetProperty(caInst, "UserPassword", (CMPIValue*)&(pwArray), CMPI_stringA); + st = CBModifyInstance(_broker, ctx, caOp, caInst, NULL); + + CMPIValue av; + av.string = st.msg; + CMAddArg(out, "Message", &av, CMPI_string); + } + else { /* no caInst; probably wrong principal (UserName didn't match) */ + _SFCB_TRACE(1, ("--- Invalid request method: %s", methodName)); + setStatus(&st, CMPI_RC_ERR_NOT_FOUND, "No matching CIM_Account for user"); + } + } + else { + _SFCB_TRACE(1, ("--- Invalid request method: %s", methodName)); + setStatus(&st, CMPI_RC_ERR_METHOD_NOT_FOUND, "Invalid request method"); + } + + _SFCB_RETURN(st); +} + + +CMMethodMIStub(CimAccountPassthroughProvider, CimAccountPassthroughProvider, _broker, CMNoHook); + +/* MODELINES */ +/* DO NOT EDIT BELOW THIS COMMENT */ +/* Modelines are added by 'make pretty' */ +/* -*- Mode: C; c-basic-offset: 2; indent-tabs-mode: nil; -*- */ +/* vi:set ts=2 sts=2 sw=2 expandtab: */ diff --git a/cimRequest.c b/cimRequest.c index f65f2a8..a1b7c7a 100644 --- a/cimRequest.c +++ b/cimRequest.c 
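Review bot: In CimAccountPassthroughProviderInvokeMethod (cimAccountPassthroughProvider.c), `UserPassword` is dereferenced with `CMGetCharPtr(arg.value.string)` without checking that the argument is a non-null string, and this method is the one path an expired user is allowed to reach. A guard along the lines of `if (st.rc != CMPI_RC_OK || arg.type != CMPI_string || arg.value.string == NULL)` would reject malformed arguments before the pointer is used. The `CMPIPrincipal` lookup further down has the same gap: `st` is not checked before `httpUser` is handed to `strcmp`. Separately, `colon[0] = '\0'` writes into the `sfcbProviderParameters` string that was obtained through a `const char *`. If that string is shared across invocations, later calls would no longer find the `:` and would silently fall back to the `root/cimv2` / `CIM_Account` defaults, so splitting a private copy looks safer.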
@@ -327,6 +327,27 @@ methodErrResponse(RequestHdr * hdr, char *error) return rs; }; +#ifdef ALLOW_UPDATE_EXPIRED_PW + +static char * +getErrExpiredSegment() +{ + char* msg = sfcb_snprintf("<ERROR CODE=\"2\" \ +DESCRIPTION=\"User Account Expired\">\n\ +<INSTANCE CLASSNAME=\"CIM_Error\">\n\ +<PROPERTY NAME=\"ErrorType\" TYPE=\"uint16\">\ +<VALUE>1</VALUE></PROPERTY>\n\ +<PROPERTY NAME=\"OtherErrorType\" TYPE=\"string\">\ +<VALUE>Password Expired</VALUE></PROPERTY>\n\ +<PROPERTY NAME=\"ProbableCause\" TYPE=\"uint16\">\ +<VALUE>117</VALUE></PROPERTY>\n\ +</INSTANCE>\n</ERROR>\n"); + + return msg; +} + +#endif /* ALLOW_UPDATE_EXPIRED_PW */ + static RespSegments ctxErrResponse(RequestHdr * hdr, BinRequestContext * ctx, int meth) { @@ -1707,6 +1728,23 @@ static Handler handlers[] = { {invokeMethod}, // OPS_InvokeMethod 24 }; +RespSegments sendHdrToHandler(RequestHdr* hdr, CimRequestContext* ctx) { + + RespSegments rs; + Handler hdlr; + HeapControl *hc; + + hc = markHeap(); + hdlr = handlers[hdr->opType]; + rs = hdlr.handler(ctx, hdr); + releaseHeap(hc); + + ctx->className = hdr->className; + ctx->operation = hdr->opType; + + return rs; +} + static Scanner scanners[] = { #ifdef HANDLER_CIMRS {scanCimRsRequest}, @@ -1719,12 +1757,10 @@ static Scanner scanners[] = { static int scanner_count = sizeof(scanners) / sizeof(Scanner); RespSegments -handleCimRequest(CimRequestContext * ctx) +handleCimRequest(CimRequestContext * ctx, int flags) { RespSegments rs; RequestHdr hdr; - Handler hdlr; - HeapControl *hc; #ifdef SFCB_DEBUG struct rusage us, ue; @@ -1779,7 +1815,6 @@ handleCimRequest(CimRequestContext * ctx) timevalDiff(&us.ru_stime, &ue.ru_stime))); } #endif - if (hdr.rc) { if (hdr.methodCall) { rs = methodErrResponse(&hdr, getErrSegment(CMPI_RC_ERR_FAILED, 
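Review bot: `sendHdrToHandler` in cimRequest.c is defined with external linkage, but the cimRequest.h hunk in this push adds no prototype for it and its only visible callers are in handleCimRequest. Declaring it `static RespSegments sendHdrToHandler(RequestHdr *hdr, CimRequestContext *ctx)` would keep the dispatch helper private to the file. Because the helper is now also the entry point for the expired-password path, a short comment stating that callers must already have validated `hdr->opType` as an index into `handlers[]` would help; the hunk does not show where that bound is enforced.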
@@ -1790,15 +1825,27 @@ handleCimRequest(CimRequestContext * ctx) hdr.errMsg)); // rs = iMethodErrResponse(&hdr, getErrSegment(CMPI_RC_ERR_FAILED, // "invalid imethodcall XML")); + } + } +#ifdef ALLOW_UPDATE_EXPIRED_PW + else if (flags) { + /* request from user with an expired password AND requesting password update */ + if (flags == (HCR_UPDATE_PW | HCR_EXPIRED_PW) && + (strcasecmp(hdr.className, "SFCB_Account") == 0) && hdr.methodCall) { + rs = sendHdrToHandler(&hdr, ctx); + } + else { /* expired user tried to invoke non-UpdatePassword request */ + if (hdr.methodCall) { + rs = methodErrResponse(&hdr, getErrExpiredSegment()); + } else { + rs = iMethodErrResponse(&hdr, getErrExpiredSegment()); + } + } } - } else { - hc = markHeap(); - hdlr = handlers[hdr.opType]; - rs = hdlr.handler(ctx, &hdr); - releaseHeap(hc); +#endif /* ALLOW_UPDATE_EXPIRED_PW */ - ctx->className = hdr.className; - ctx->operation = hdr.opType; + else { + rs = sendHdrToHandler(&hdr, ctx); } rs.buffer = hdr.buffer; rs.rc=0; diff --git a/cimRequest.h b/cimRequest.h index 8264534..a7416cd 100644 --- a/cimRequest.h +++ b/cimRequest.h @@ -85,9 +85,14 @@ typedef struct requestHdr { unsigned int sessionId; } RequestHdr; -extern RespSegments handleCimRequest(CimRequestContext * ctx); +extern RespSegments handleCimRequest(CimRequestContext * ctx, int flags); extern int cleanupCimXmlRequest(RespSegments * rs); +#ifdef ALLOW_UPDATE_EXPIRED_PW + #define HCR_EXPIRED_PW 1 /* flag: expired user tries to auth */ + #define HCR_UPDATE_PW 2 /* flag: UpdateExpiredPassword HTTP header */ +#endif + #endif /* MODELINES */ /* DO NOT EDIT BELOW THIS COMMENT */ diff --git a/configure.ac b/configure.ac index 1a7e376..ea7a637 100644 --- a/configure.ac +++ b/configure.ac 
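Review bot: The new `else if (flags)` branch in handleCimRequest treats every non-zero flag value as an expired account, yet HCR_UPDATE_PW is set from a client-supplied header and, in the httpAdapter.c part of this push, is cleared only when basic auth returns AUTH_PASS. A request that carries the header but is authorized another way, or with basic auth disabled, would therefore be answered with the "User Account Expired" error; `else if (flags & HCR_EXPIRED_PW)` would limit the branch to the case it is meant for. The condition also calls `strcasecmp(hdr.className, "SFCB_Account")` before looking at `hdr.methodCall`. If the scanner can leave `className` NULL for some operations (not visible here), that is a NULL dereference reachable by an expired user, so `hdr.methodCall && hdr.className &&` should come first. handleCimRequest begins and ends outside the hunk.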
@@ -115,6 +115,10 @@ AC_ARG_ENABLE(request-types, [AC_HELP_STRING([--enable-request-types(=TYPES)], [Enable support of listed request types. If none are listed, all are enabled.])]) +AC_ARG_ENABLE(expired-pw-update, + [AC_HELP_STRING([--enable-expired-pw-update], + [allow a user with an expired account to invoke a password update for CIM_Account (see docs).])]) + # Size checks AC_CHECK_SIZEOF(void*) AC_CHECK_SIZEOF(int) @@ -177,6 +181,13 @@ if test "$enable_slp_hostname_lib" == "yes"; then AC_DEFINE(SLP_HOSTNAME_LIB,,[SLP Hostname lib enabled]) fi +if test "$enable_expired_pw_update" == "yes"; then + LOAD_SFCBACCOUNT_PROVIDER= + AC_DEFINE(ALLOW_UPDATE_EXPIRED_PW,1,[Expired Account Password Update enabled]) +else + LOAD_SFCBACCOUNT_PROVIDER='#' +fi +AC_SUBST(LOAD_SFCBACCOUNT_PROVIDER) # Check and configure requested tests. if test "$enable_tests" == "yes"; then @@ -348,7 +359,6 @@ if test "$enable_settableretry" == "yes"; then AC_DEFINE(SETTABLERETRY,,[Settable indication parameters enabled]) fi - if test "$enable_qualifierrep" == "yes"; then LOAD_QUALIFIER_PROVIDER= AC_DEFINE(HAVE_QUALREP,,[Qualifier repository support enabled.]) @@ -551,6 +561,7 @@ AM_CONDITIONAL(DOCS,[test "$enable_docs" == "yes"]) AM_CONDITIONAL(IPV6,[test "$enable_ipv6" == "yes"]) AM_CONDITIONAL(LOCAL_CONNECT_NO_INDICATION,[test "$enable_local_connect_only" == "yes" -a "$enable_indications" == "no"]) AM_CONDITIONAL(LOCAL_CONNECT_ONLY,[test "$enable_local_connect_only" == "yes"]) +AM_CONDITIONAL(ACCOUNT_PASSTHRU,[test "$enable_expired_pw_update" == "yes"]) AC_CONFIG_FILES([Makefile sfcb.spec sfcbrepos.sh sfcbstage.sh sfcbunstage.sh sfcbuuid.sh sfcb.cfg.pre getSchema.sh.pre 20_indication.mof.pre 
@@ -578,6 +589,7 @@ echo -e "uds"\\t\\t\\t\\t"${enable_uds:-no}" echo -e "tests"\\t\\t\\t\\t"${enable_tests:-no}" echo -e "debug"\\t\\t\\t\\t"${enable_debug:-no}" echo -e "Request types"\\t\\t\\t"${enable_request_types}" +echo -e "Allow expired account pw update"\\t"${enable_expired_pw_update:-no}" echo -e "Settable retry parameters"\\t"${enable_settableretry:-no}" echo ================================================================= echo diff --git a/control.h b/control.h index cb88e13..63559ea 100644 --- a/control.h +++ b/control.h @@ -27,6 +27,7 @@ int getControlChars(char *id, char **val); int getControlUNum(char *id, unsigned int *val); int getControlNum(char *id, long *val); int getControlBool(char *id, int *val); +const char * sfcBrokerStart; #endif /* MODELINES */ diff --git a/default.reg.in b/default.reg.in index e2aab7e..8d16985 100644 --- a/default.reg.in +++ b/default.reg.in @@ -69,6 +69,13 @@ @LOAD_INDICATION_PROVIDER@ location: sfcElementCapabilitiesProvider @LOAD_INDICATION_PROVIDER@ type: association @LOAD_INDICATION_PROVIDER@ namespace: root/interop + +@LOAD_SFCBACCOUNT_PROVIDER@[SFCB_Account] +@LOAD_SFCBACCOUNT_PROVIDER@ provider: CimAccountPassthroughProvider +@LOAD_SFCBACCOUNT_PROVIDER@ location: sfccimAccountPassthroughProvider +@LOAD_SFCBACCOUNT_PROVIDER@ type: method +@LOAD_SFCBACCOUNT_PROVIDER@ parameters: AccountClass=root/cimv2:cim_account +@LOAD_SFCBACCOUNT_PROVIDER@ namespace: root/interop # [SFCB_RegisteredProfile] provider: ProfileProvider diff --git a/httpAdapter.c b/httpAdapter.c index aa2bee0..fa38195 100644 --- a/httpAdapter.c +++ b/httpAdapter.c @@ -228,6 +228,10 @@ remProcCtl() return 0; } +/* + * Call the authentication library + * Return 1 on success, 0 on fail, -1 on expired + */ int baValidate(char *cred, char **principal) { @@ -274,7 +278,6 @@ baValidate(char *cred, char **principal) } free(auth); - fprintf(stderr, "baValidate: returning %d\n", ret); return ret; } 
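Review bot: `const char * sfcBrokerStart;` in control.h is a tentative definition rather than a declaration, so every translation unit that includes the header gets its own definition of the object, and whether that links depends on the toolchain's common-symbol handling. Declaring it as `extern const char *sfcBrokerStart;` and defining it once in a .c file is the portable form. The line also appears unrelated to the expired-password change described in the commit log, so a one-line comment on what the variable holds would help.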
@@ -842,6 +845,8 @@ doHttpRequest(CommHndl conn_fd) ev; CimRequestContext ctx; int breakloop; + int hcrFlags = 0; /* flags to pass to handleCimRequest() */ + _SFCB_ENTER(TRACE_HTTPDAEMON, "doHttpRequest"); if (pauseCodec("http")) @@ -985,6 +990,11 @@ doHttpRequest(CommHndl conn_fd) discardInput = 2; } } +#ifdef ALLOW_UPDATE_EXPIRED_PW + else if (strncasecmp(hdr, "Pragma: UpdateExpiredPassword", 29) == 0) { + hcrFlags |= HCR_UPDATE_PW; + } +#endif } #if defined USE_SSL @@ -1012,6 +1022,7 @@ doHttpRequest(CommHndl conn_fd) #endif int authorized = 0; + int barc = 0; #ifdef HAVE_UDS if (!discardInput && doUdsAuth) { struct sockaddr_un sun; @@ -1028,17 +1039,29 @@ doHttpRequest(CommHndl conn_fd) } #endif if (!authorized && !discardInput && doBa) { - if (inBuf.authorization && - (baValidate(inBuf.authorization,&inBuf.principal) != AUTH_PASS)) { - char more[] = + if (inBuf.authorization) { + barc = baValidate(inBuf.authorization,&inBuf.principal); +#ifdef ALLOW_UPDATE_EXPIRED_PW + if (barc == AUTH_EXPIRED) { + hcrFlags |= HCR_EXPIRED_PW; + } + else if (barc == AUTH_PASS) { + hcrFlags = 0; /* clear flags so non-expired user doesn't update pw */ + } + else if (barc == AUTH_FAIL) { +#else + if (barc != AUTH_PASS) { +#endif + char more[] = "WWW-Authenticate: Basic realm=\"cimom\"\r\n"; - genError(conn_fd, &inBuf, 401, "Unauthorized", more); - /* - * we continue to parse headers and empty the socket to be graceful - * with the client - */ - discardInput = 1; - } + genError(conn_fd, &inBuf, 401, "Unauthorized", more); + /* + * we continue to parse headers and empty the socket to be graceful + * with the client + */ + discardInput = 1; + } + } #if defined USE_SSL else if (sfcbSSLMode && ccVerifyMode != CC_VERIFY_IGNORE) { /* @@ -1115,7 +1138,7 @@ doHttpRequest(CommHndl conn_fd) } #endif - response = handleCimRequest(&ctx); + response = handleCimRequest(&ctx, hcrFlags); } else { response = nullResponse; } 
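Review bot: With ALLOW_UPDATE_EXPIRED_PW defined, the 401 branch in doHttpRequest is taken only for `barc == AUTH_FAIL`, so a baValidate() result other than AUTH_PASS, AUTH_EXPIRED or AUTH_FAIL produces no 401 here, sets no flag and leaves `discardInput` untouched. The non-ifdef path, by contrast, rejects everything that is not AUTH_PASS. Making the last branch a plain `else {` keeps the check failing closed if the authentication library ever returns an unexpected value. `hcrFlags` is also cleared only on AUTH_PASS, so a header-only HCR_UPDATE_PW survives whenever this block is skipped; clearing it unless `barc == AUTH_EXPIRED` would be tighter. doHttpRequest starts and ends outside the hunk.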
diff --git a/sfcb.cfg.pre.in b/sfcb.cfg.pre.in index 70385f2..fe4c9f8 100644 --- a/sfcb.cfg.pre.in +++ b/sfcb.cfg.pre.in @@ -58,7 +58,7 @@ useChunking: true ## Enable basic authentication for HTTP and HTTPS connections ## Default is false -doBasicAuth: @SFCB_CONF_DOBASICAUTH@ +doBasicAuth: true #temp change to test feature ## Name of of the authenticaion library. Leave off the ".so" ## Default is: sfcBasicAuthentication hooks/post-receive -- SFCB - Small Footprint CIM Broker |
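Review bot: `doBasicAuth: true #temp change to test feature` replaces the `@SFCB_CONF_DOBASICAUTH@` substitution, so the configure-time setting no longer controls this value. The inline comment marks it as a test-only edit, yet it is still present in the pushed diff even though the top commit is titled as undoing temporary changes. Restoring `doBasicAuth: @SFCB_CONF_DOBASICAUTH@` keeps the shipped default under configure's control. If the config parser does not strip trailing `#` comments (not visible here), the value may also fail to parse as `true`.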